[SRU][Trusty][Bionic][PATCH 0/1] Fix for CVE-2018-16276
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Fri Nov 9 14:33:24 UTC 2018
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16276.html
It was discovered that the YUREX USB device driver for the Linux kernel did
not properly restrict user space reads or writes. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
Clean cherry-pick for Bionic, simple backport for Trusty only for
context adjustment.
Jann Horn (1):
USB: yurex: fix out-of-bounds uaccess in read handler
drivers/usb/misc/yurex.c | 23 ++++++-----------------
1 file changed, 6 insertions(+), 17 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list